https://bugs.webkit.org/show_bug.cgi?id=95269
Reviewed by Eric Seidel.
Source/WebCore:
The W3C Web Cryptography Working Group has taken up specifying
window.crypto. The latest draft calls for getRandomValues to throw an
exception when given an array that's large.
Test: security/crypto-random-values-limits.html
* page/Crypto.cpp:
(WebCore::Crypto::getRandomValues):
LayoutTests:
* security/crypto-random-values-limits-expected.txt: Added.
* security/crypto-random-values-limits.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@126953
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-08-28 Adam Barth <abarth@webkit.org>
+
+ crypto.getRandomValues should throw an exception when given a big array
+ https://bugs.webkit.org/show_bug.cgi?id=95269
+
+ Reviewed by Eric Seidel.
+
+ * security/crypto-random-values-limits-expected.txt: Added.
+ * security/crypto-random-values-limits.html: Added.
+
2012-08-28 Tom Sepez <tsepez@chromium.org>
CSP doesn't turn off eval, etc. in Web Workers
--- /dev/null
+Tests the limits of crypto.randomValues.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS 'crypto' in window is true
+PASS 'getRandomValues' in window.crypto is true
+PASS crypto.getRandomValues(largeArray) threw exception Error: QUOTA_EXCEEDED_ERR: DOM Exception 22.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
--- /dev/null
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../fast/js/resources/js-test-pre.js"></script>
+<script src="resources/utilities.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script>
+description("Tests the limits of crypto.randomValues.");
+
+if (!window.ArrayBuffer)
+ debug("This test requres ArrayBuffers to run!");
+
+shouldBe("'crypto' in window", "true");
+shouldBe("'getRandomValues' in window.crypto", "true");
+
+try {
+ var largeArray = new Uint8Array(66000);
+
+ shouldThrow("crypto.getRandomValues(largeArray)");
+} catch(ex) {
+ debug(ex);
+}
+
+</script>
+<script src="../fast/js/resources/js-test-post.js"></script>
+</body>
+</html>
+
+
+2012-08-28 Adam Barth <abarth@webkit.org>
+
+ crypto.getRandomValues should throw an exception when given a big array
+ https://bugs.webkit.org/show_bug.cgi?id=95269
+
+ Reviewed by Eric Seidel.
+
+ The W3C Web Cryptography Working Group has taken up specifying
+ window.crypto. The latest draft calls for getRandomValues to throw an
+ exception when given an array that's large.
+
+ Test: security/crypto-random-values-limits.html
+
+ * page/Crypto.cpp:
+ (WebCore::Crypto::getRandomValues):
+
2012-08-28 Tom Sepez <tsepez@chromium.org>
CSP doesn't turn off eval, etc. in Web Workers
ec = TYPE_MISMATCH_ERR;
return;
}
+ if (array->byteLength() > 65536) {
+ ec = QUOTA_EXCEEDED_ERR;
+ return;
+ }
cryptographicallyRandomValues(array->baseAddress(), array->byteLength());
#else
ASSERT_UNUSED(array, array);